Re: Change Ownership Permission Checks

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Change Ownership Permission Checks
Date: 2005-07-15 19:10:31
Message-ID: 20050715191031.GV24207@ns.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > Attached please find a patch to change how the permissions checking
> > for alter-owner is done. With roles there can be more than one
> > 'owner' of an object and therefore it becomes sensible to allow
> > specific cases of ownership change for non-superusers.
>
> Applied with minor revisions. The patch as submitted suffered a certain
> amount of copy-and-paste-itis (eg, trying to use pg_type_ownercheck on
> an opclass), and I really disliked using ACLCHECK_NOT_OWNER as the way
> to report "you can't assign ownership to that role because you are not
> a member of it". So I made a separate error message for that case.

Great, thanks! Sorry about the copy-and-paste-itis... Must have been a
case I wasn't sure about. The different error message makes perfect
sense. I see you also did the superuser-in-every-role change that I had
included, thanks.

When writing this patch it occurred to me that we nuke our
member-of-role cache for one-off lookups on occation. I don't
particularly like that, especially when we *know* it's a one-off lookup,
so I was considering adding a function for the one-off lookup case but
I couldn't come up with a way to avoid a fair bit of mostly-the-same
code as the current cache-regen code, without making the cache-regen
code alot slower which would negate the point.

Just some thoughts.

Thanks again,

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2005-07-15 19:45:01 Re: Change Ownership Permission Checks
Previous Message Marko Kreen 2005-07-15 17:20:38 Re: 4 pgcrypto regressions failures - 1 unsolved

Browse pgsql-patches by date

  From Date Subject
Next Message Tom Lane 2005-07-15 19:45:01 Re: Change Ownership Permission Checks
Previous Message Bruce Momjian 2005-07-15 18:21:22 Re: thousands comma numeric formatting in psql